The ENCRYPT Act Protects Encryption from U.S. State Prying

The ENCRYPT Act Protects Encryption from U.S. State Prying

It’s not just the Department of Justice and the FBI that want to undermine your right to private communications and secure devices—some state lawmakers want to weaken encryption, too. In recent years, a couple of state legislatures introduced bills to restrict or outright ban encryption on smartphones and other devices. Fortunately, several Congress members recently introduced their own bill to stop this dangerous trend before it goes any further.

The bill is called the ENCRYPT Act. EFF gladly supports it and thanks Representatives Ted Lieu (D-CA), Mike Bishop (R-MI), Suzan DelBene (D-WA), and Jim Jordan (R-OH) for sponsoring and co-sponsoring the bill.

Encryption—the technology used to secure data on phones and computers and keep digital messages safe from eavesdroppers—is under threat around the world. In the U.S., some of those threats have come from the Department of Justice and FBI, which want technology companies to purposefully and irresponsibly weaken encryption so that law enforcement can more easily get their hands on the contents of encrypted data and messages.

But the threats have come from individual U.S. states, too.

Two years ago, lawmakers in California and New York introduced statewide legislation that would’ve significantly limited their residents’ access to encrypted devices and services. In California, for example, Assembly Bill 1681 would have originally required that any smartphone sold in the state be “capable of being decrypted and unlocked by its manufacturer or its operating system provider.” To help compel this, manufacturers could have been subject to fines of $2,500 for every non-compliant device sold in the state.

This piecemeal approach to encryption is not just wrong-headed, it simply won’t work. If state legislatures individually meddle with encryption policy, we could see a landscape where Illinois residents can buy the latest iPhone and download messaging apps like Signal and WhatsApp, but Californians can’t. But the California and New York state bills, intended to help law enforcement catch criminals, ignored the reality that people could still cross into states where the technology is unrestricted to purchase encrypted devices. What’s more, it would be trivially easy for anyone to download encrypted messaging apps online, regardless of state laws.

The ENCRYPT Act would make sure this scenario doesn’t come to pass. In fact, the bill was originally introduced in 2016 as a bulwark against the California and New York state bills—both of which failed on their own.

The ENCRYPT Act would prevent U.S. states and local governments from compelling companies to weaken their encrypted products or store decryption keys for use on demand by law enforcement. It would also prevent states from prohibiting the sale and offering of certain devices and services based solely on their encryption capabilities. That means everyone across the United States, no matter what state they live in, could have equal access to strong encryption.

Of course, there are threats to encryption at the federal level as well, which is why EFF also supports the Secure Data Act. The Secure Data Act, which also has bipartisan sponsorship, would act as a perfect complement to the ENCRYPT Act by prohibiting courts and federal agencies from mandating weakened encryption or otherwise intentionally introducing security vulnerabilities. Together, the two bills would go a long way toward ensuring that strong encryption remains free of government interference in the United States.

Related Updates

Fresno – On Wednesday, May 22, at 9 am, the Electronic Frontier Foundation (EFF) will argue that criminal defendants have a right to review and evaluate the source code of forensic DNA analysis software programs used to create evidence against them. The case, California v. Johnson, is on appeal...

If you are one of WhatsApp’s billion-plus users, you may have read that on Monday the company announced that it had found a vulnerability. This vulnerability allowed an attacker to remotely upload malicious code onto a phone by sending packets of data that look like phone calls from a...

EFF is proud to announce its newest investigative team: the Threat Lab. Using a combination of research skills, the Threat Lab will take a deep dive into how surveillance technologies are used to target communities, activists, or individuals. The Threat Lab is a multidisciplinary unit that’s part of our Technology...

In his latest announcement, Facebook CEO Mark Zuckerberg embraces privacy and security fundamentals like end-to-end encrypted messaging. But announcing a plan is one thing. Implementing it is entirely another. And for those reading between the lines of Zuckerberg’s pivot-to-privacy manifesto, it’s clear that this isn’t just about privacy. It’s...

San Francisco - Technology is supposed to make our lives better, yet many big companies have products with big security and privacy holes that disrespect user control and put us all at risk. The Electronic Frontier Foundation (EFF) is launching a new project called “Fix It Already!” demanding repair...

Today we are announcing Fix It Already, a new way to show companies we're serious about the big security and privacy issues they need to fix. We are demanding fixes for different issues from nine tech companies and platforms, targeting social media companies, operating systems, and enterprise platforms on...

The good news: TLS 1.3 is available, and the protocol, which powers HTTPS and many other encrypted communications, is better and more secure than its predecessors (including SSL). The bad news: Thanks to a financial industry group called BITS, there’s a look-alike protocol brewing called ETS (or...

More lessons from "Facebook Research"Last week, Facebook was caught using a sketchy market research app to gobble large amounts of sensitive user activity after instructing users to alter the root certificate store on their phones. A day after, Google pulled a similar iOS “research program” app. Both of...

This article was first published on Lawfare. The most recent purportedly serious proposal by a Western government to force technology companies to provide access to the content of encrypted communications comes from Ian Levy and Crispin Robinson of the Government Communications Headquarters, or GCHQ, the U.K.’s equivalent of...

Tracking is everywhere on the Internet. Over the past year, a drumbeat of tech-industryscandals has acclimated users to the sheer number of ways that personal information can be collected and leaked. As a result, it might not come as a surprise to learn that emails, too...